Today Microsoft announced new enhancements of Windows Intune Service as per next week. These updates include:

Ability for the administrator to configure email profiles, whichcan automatically configure the device with the appropriate email server information and related policies, as well as the ability to remove the profile along with the email itself via a remote wipe if needed.

Support for new configuration settings in iOS 7, including the “Managed open in” capability to protect corporate data by controlling which apps and accounts are used to open documents and attachments, and disabling the fingerprint unlock feature.

Ability for the administrator to remotely lock the device if it is lost or stolen, and reset the password if the user forgets it.

In addition to our unified deployment mode and integration with System Center Configuration Manager, Windows Intune can now stand alone as a cloud-only MDM solution. This is a big win for organizations that want a cloud-only management solutions to manage both their mobile devices and PC’s.

Windows Intune offers simple and comprehensive device management, regardless of the platform, for the devices enterprises are already using, with the IT infrastructure they already own. Helping organizations proactively manage this new generation of IT is what makes me so excited about the advancements and innovation we are delivering as a part of next week’s update to the Windows Intune service.

An interesting quote of Brad Anderson is Microsoft’s vision how to manage mobile devices:

“One particular principle that I am especially passionate about is the idea that the modern, mobile devices which are built to consume cloud services should get their policy and apps delivered from the cloud. Put another way: Modern mobile devices should be managed from a cloud service.”

System Center Configuration Manager is the undisputed market leader in managing desktops around the world, and now we are delivering many of our MDM/MAM capabilities from the cloud. We have deeply integrated our Intune cloud service with ConfigMgr so organizations can take advantage of managing all of their devices in one familiar control plane using their existing IT skills.

“Put simply: We are giving organizations the choice of using their current ConfigMgr console extended with the Intune service, or doing everything from the cloud using only Intune if they wish to do management without an on-premises infrastructure.”

Question is for how long?

Later this year, additional updates are being expected to the Windows Intune service including the ability to allow/deny apps from running (or accessing certain sites), conditional access to e-mail depending upon the status of the device, app-specific restrictions regarding how apps interact and use data, and bulk enrollment of devices.

Deeper email management, including conditional access to Exchange email inboxes depending on if the device is managed

Ability to define application restrictions, through direct platform management as well as “wrapping” policy around unmanaged applications, giving administrators the ability to define how an application interacts with data and block undesirable functions such as cut and paste to other apps

Bulk enrollment of mobile devices, specifically useful for devices not used by a single user or knowledge worker, including kiosks, student devices, or those used in retail